This that and the article are very light on details, but I couldn’t find an article deeper in details
My laptop, that I own and runs Linux that I installed, has chrome in it. I’m order to log into Gmail for work, it installs an extension that is capable of telling Gmail if my disk is encrypted. I know because you get an error message until my disk was actually encrypted. It was a big surprise to me, and I wonder if this is done by the same piece of code.
Btw would there be a way to do virtualization through perhaps docker or flat pack or chroot that can isolate chrome in a sandbox and prevent it from a) reading and writing files anywhere on any disk and b) get other data such as CPU, disk encryption etc?
My laptop, that I own and runs Linux that I installed, has chrome in it. I’m order to log into Gmail for work, it installs an extension that is capable of telling Gmail if my disk is encrypted. I know because you get an error message until my disk was actually encrypted. It was a big surprise to me, and I wonder if this is done by the same piece of code.
That’s strange, I’ve never heard of that before
Btw would there be a way to do virtualization through perhaps docker or flat pack or chroot that can isolate chrome in a sandbox and prevent it from a) reading and writing files anywhere on any disk and b) get other data such as CPU, disk encryption etc?
There are some isolation mechanisms on Linux like Firejail or Bubblewrap. The latter is used by Flatpak to sandbox applications. These are rather weak though, and Flatpak weakens the security of bwrap further. By default, Flatpak application permissions are also set in a Manifest file, which is created by the maintainer of the package. To get more control over your Flatpak sandbox, you need to use an application like Flatseal.
Docker (or containers in general) aren’t meant for isolation/sandboxing, but this approach would also work. I would create a container using Distrobox or toolbx, and install Chrome inside the container.
This will not prevent Chrome from getting your CPU information though. To protect against that, you would have to use a virtual machine (and spoof the your CPU model if you want to hide that from Chrome).
Sounds easier to switch to another browser at that point
OP apparently needs Chrome to log into an enterprise GSuite account, which has specific requirements, that are enforced by Chrome’s enterprise policy system. I don’t think this works in Chromium.
Oh I didn’t catch that my bad. I hope they get a work computer where this kind of stuff doesn’t interfere with private life!
I already ditched Windows for Linux a month ago because of spyware. Everything Google-related is next. My phone is going to be the hardest thing to de-infest.
In my experience you either have to trade one devil for the other with Apple or accept buying hardware from the ad company so you can use GrapheneOS.
You could always go the used/refurbished route to not directly give the chocolate factory money
There are more options than GrapheneOS with broader device support, such as Calyx or LineageOS.
But if you use Android already, you can start by using F-Droid (or others) to install apps to find FOSS replacements for apps you use.
Searching for “Calyx” got me a lot of results that had nothing to do with the Android ROM, so for the convenience of anyone else reading this thread their URL is https://calyxos.org/
Welcome to the world of freedom. The first months may be a bit uncomfortable, but it’s a journey worth taking. Be welcome!
I’m also doing this. Proton is amazing, for the most part. Ente Photos is also incredible for ditching Google Photos, although I’ll probably switch to Proton Photos when that comes out since Ente is pricey.
Isn’t proton photos built into their Proton Drive already? It’s implementation is… barebones… On Android but it works.
Kagi is a great replacement for Google search. It does cost money though.
Or you can take a Duck. Then get one more Duck. Then you can Go.
I already ditched Windows for Linux a month ago because of spyware.
Great!
Everything Google-related is next.
Even better.
My phone is going to be the hardest thing to de-infest.
If you plan on getting a new phone soon, I recommend a Google Pixel, on which you can install GrapheneOS. Yes, ironically Google devices are the best for installing alternative operating systems and removing all the Google BS. GrapheneOS is completely free and open source, and based on the Android Open Source Project. It incorporates many privacy and security enhancements, and gives you total freedom and control over your device. In my opinion, it’s the best option for degoogling a phone.
There is also Lineage OS. It’s not as secure but it is compatible with the most amount of devices.
Unfortunately LineageOS is highly insecure because there’s no ability to lock the bootloader, and Android Verified Boot is completely missing. These are just the biggest and most obvious flaws in Lineage, but there are more: https://madaidans-insecurities.github.io/android.html#lineageos
I kinda want to, but I’m also a sucker for ease of use
For ease of use Apple might be the most convenient alternative to Google. At least for smartphones.
Ease of use and apple are not near each other in my dictionary.
I think a lot of things are designed very unlogical
That might be because you are just not used to it. Comparable to the switch from Windows to Linux.
I’m using Linux and tried different distros. I also used chrome os and windows Phone. I tried ios, hence my feelings towards it
And many people tried Linux and were having difficulties adapting to it at first and most probably gave up. Just like you did with iOS.
Pff, sure buddy. Used it for 4 months due to my phone being dead. Go shill someone else. If the adoption of a new os goes against what I want of said os, then it’s not an os for me. Simple as that
Refreshing change from reading about some new AI powered tracking nonsense in Windows.
Just use Firefox
shrug
My biggest issue is video streaming on older computers. I have an old laptop I use casually for video playing in the background, and Webkit browsers like Edge definitely load YouTube with far less stuttering. I’m still trying to find good alternatives - lately even changing the user agent doesn’t seem to make it faster.
This to me sounds like an issue with hardware video decoding not working right and it falling back to software decoding on the CPU.
there’s a portion of the internet that just doesn’t work in Firefox because the company pays only $2 million a year for developers and they can’t do it
As part of our company’s security policy, our IT admin disallows firefox to be installed in dev machine.
our engineers cannot test their work in firefox.
LOL
This nonsense is part of why I prefer to work for smaller companies.
there’s no quality control with a test suite of browsers and versions running in virtual machines?
Due to security policy, we cannot run vm. Oh, btw, we do android development too. I guess they didn’t know android studio runs a vm. So that is ok
That’s wack.
I think our company does something similar (Chrome by default, need to ask IT for anything else), but our department just said, “we need Macs to do our work, you have no power here…” I hate macOS, but I hate stupid IT policies more.
I’ve yet to find more than a handful of pages that have had issues, and most were fairly poorly coded to begin with
I found one the other day but I don’t even recall what it was. I almost never have any problems.
Can someone explain this to me like I’m 5. I understand it’s not good but I don’t know why and I would like to understand it.
Effectively Google has a browser extension (just like the ones you’d install from the Chrome Web Store like uBlock Origin) that comes with the browser that’s hidden.
This extension allows Google to see additional information about your computer that extensions and websites don’t normally have access to, such as checking how much load your PC has or directly handing over hardware information like the make and model of your professor.
The big concern in the comments is that this could be used for fingerprinting your browser, even in Incognito mode.
What this essentially means is that even though the browser may not have any cookies saved or any other usual tracking methods, your browser can still be recognised by how it behaves on your machine in particular, and this hidden extension allows Google to retrieve additional information to further narrow down your browser and therefore who you are (as they can link this behaviour and data to when you’ve used Google with that browser signed in), even in Incognito mode.
So since they only just seem to have discovered this, does that mean this invisible extension also likely to be present on Chromium based browsers such as Brave and Thorium etc…?
Yes, though they could remove it. If they’re open source then you could check easily.
Fingerprinting.
Bingo! Google wants to go cookieless and fingerprinting has been
one ofthe solvesI’ve always read about in the SEO world.Thank you for this info. If this is just an extension, can we just uninstall it or turn it off?
This is not a typical extension and it cannot be removed. It doesn’t even show up in the list of installed extensions.
Maybe recompiling? But I suspect that Chrome as it is, is closed source?
Seems like a great option. Can anyone more familiar with the code confirm this removes the aforementioned CPU-fingerprinting plugin?
It does. You can even try it out yourself. Install Ungoogled Chromium, go to google.com and paste the following code in the Developer console (which you can bring up by pressing F12 and clicking on ‘Console’ at the top of the DevTools interface):
chrome.runtime.sendMessage( "nkeimhogjdpnpccoofpliimaahmaaome", { method: "cpu.getInfo" }, (response) => { console.log(JSON.stringify(response, null, 2)); }, );If it returns nothing or an error, you’re good. If it returns something like this:
{ "value": { "archName": "arm64", "features": [], "modelName": "Apple M2 Max", "numOfProcessors": 12, "processors": [ { "usage": { "idle": 26890137, "kernel": 5271531, "total": 42525857, "user": 10364189 } }, ...it means that the hidden extension is present, and *.google.com sites have special access in your browser.
Chromium is open source. Google Chrome is not open source.
even in Incognito mode.
I thought extensions don’t run in incognito mode?
I know Firefox doesn’t run them by default - you can specify which extensions you’d like to run in incognito mode.
I tested it with a stock install of chrome/windows 11. Works.
I thought extensions don’t run in incognito mode?
They don’t. Unless you check the box that allows them to. And I’m sure Google has already checked that box by default.
information like the make and model of your professor
Oh no, not my professor :( (/s)
Oh that’s a good typo, I’m leaving that! I look forward to the LLMs in 2030 telling you to watch the temps on your professor and make sure it doesn’t get exposed by Chrome.
If you’re still using Google Chrome in 2024, you might be a moron. #Firefox
I am “slightly” worried that there’s only a single option left. That’s only 1 organization’s corruption removed from total loss of control over browsing privacy :/
And Mozilla main source of income is… Google.
This is bad, very bad.
Google pays them to be the default search. FF is like Steve Irwin, you could have been the biggest poacher, if you gave him money he would use it to buy land to help protect animals. FF is pulling the same thing but for the intetnet
so donate and change that
There’s safari and pale moon
There’s a bunch of stuff in Chrome that’s special-cased to only allow Google to access it.
Not sure if it’s still there, but many years ago I was trying to figure out how to do something that some Google webapp was doing (can’t remember which one). I think it was something to do with popping up a chromeless window - that is, a new window with no address bar or browser chrome, just some HTML content.
Turns out the Chromium codebase had a hard-coded allowlist that only allowed
*.google.comto use the API!Are you talking about the “apps” that Chrome used to support? They removed the feature years ago to reduce bloat and RAM usage or something like that.
Before they removed the feature, I had actually figured out how to create my own “apps” that’d simply load webpages I visited often at the time, like Twitch.
I found what I was talking about: https://stackoverflow.com/a/11614605. It was a feature that the Hangouts extension could use, but the user had to manually enable it in the browser settings for any other extensions to use it.
The apps feature is still there just with a different name. It’s labeled as “create shortcut”, and you have to check the box to open a new window. I use it just because Firefox doesn’t have a similar feature.
I don’t know why, but my head automatically put that as “the apps formerly support by Google” the same as “the artist formerly known as Prince”
this just in: google is still spying on you in every way possible
This is hilarious! It even works on Edge, Vivaldi and even Brave 🤣. Good thing I use Firefox in almost everything or general day to day use
I’ll admit, in several places I used Edge as an effort to have at least some layer of distrust between myself and Google. I’ll have to quit that though.
I like your style. I went looking and found “switchbar” which kinda/sorta eases this bouncing between browsers idea:
https://chromewebstore.google.com/detail/open-with-switchbar/klgpknafjlhnpkppfbihchgfebbdcomd
It’s not elegant, but it supports the workflow you suggest. I kind of like the idea of using Edge for google.com and Chrome for microsoft.com. I’m not optimizing my experience (it may in fact be very sub-optimal), but I’m also using competition to neutralize potential shenanigans.
I kind of like the idea of using Edge for google.com and Chrome for microsoft.com.
Dang, just use Firefox. It’s so much easier then this
Firefox 🔛 🔝
🦊🦊
Welp, might as well just use w3m 🤣
such a sensationalist article there. mozilla isnt an advertising company, they bought a company that specialises in privacy focused ad campaigns so they can provide an alternative to google for companies.
which is what they should be doing.
Vivaldi and Brave have the option to disable the Hangouts extension in settings, which should disable this.
As linked in the article, it is indeed used for “Hangouts” (Meet) troubleshooting.
This is good news since Vivaldi is my goto chromium browser (when I need to really use it)
Not a legal mastermind by a long shot but it seems like a DMA violation. Someone needs to get the EU on their ass.
EU: [RELEASES THE HOUNDS]
Just make sure it isn’t the Pomeranians this time
I had to look up what the Pomeranian dog breed is, because I’m not good with dog breeds. Soon as the page of images loaded I burst out laughing. 😆 Thank you. Good start to my day.
Glad to help. 😁 Get out there with that little dog energy.
lmao is been good so far. Have to make a long trip with the kids today, so it helped. ❤️
Make sure it isn’t just the Pomeranians. Some Pomeranians are definitely going to be in the mix.
Ok, I’m good with that.
How long until it will be used as a backdoor to hack womeone’s PC?
Chrome is the backdoor and you already installed it
Seems google has already done that
Negative number.
i think it’s used for the performance testing feature in google meet n stuff like that…
Of course there’s some legitimate use case to it. Just like every privacy rights undermining bill helps “the children”. Doesn’t mean that’s the only or even the main goal.
Does this also affect Chromium, or is it just Google Chrome?
The article mentions it being affecting Google Chrome through Chromium, but it’s not clear if it also affects Chromium on its own, or other Chromium-based browsers.
Chromium alone depends on if it’s the Google version or the Un-Googled version. For the Google version of Chromium, it still has that hangouts extension. However, the Un-Googled Chromium has that extension removed via the build flags, the one to note is
enable_hangout_services_extension=false.As others have said though, it can also depend on what other Chromium-based is being used. Some browsers like Brave and including Vivaldi can have this turned off in the settings. Others like Edge and Opera are affected as well. However it doesn’t affect every Chromium-based browser.
Doesn’t seem to work on cromite desktop (good)
Chromium is also affected.
It allegedly also affects Edge and Vivaldi, so it seems to be chromium not chrome
Just now tested in Vivaldi and it works, so yeah seems like Chromium 🥲
Is this for malicious harvesting or is this part of their chrome device trust product for enterprises?
WINK
No, as far as I know this has nothing to do with attestation/verification for enterprise users.
Why do people still use Chrome?
Please uninstall it from everyone’s home pc and phone that you come into contact with
Because it’s fast and works well enough to keep the fame acquired over the last 10 years.
Slower than Firefox
I use both for my job and my subjective feeling is that chrome is faster. Js benchmarks seems to confirm it. Privately I use Firefox 95% of the time but I understand people who stay on chrome just out of inertia.
I’m a Firefox user on desktop and mobile, and I definitely feel like Chrome is faster on both platforms when I (have to) use it. But I prefer Firefox for the ideology and dev tools (on desktop), since I’m a web developer by trade, so the dev tools make a big difference for me.
There was a short period a few years ago after the Quantum update that I would have partially agreed, because Firefox’s renderer was much smoother. But Chrome seems to have caught up, because it’s been much faster every time I test something in it in the yesrs since.
At the cost of zero privacy, data being stolen and other fundamental issues and morals that Google lacks.
Which is invisible to users, meaning they can ignore it or handwave it with “I haven’t got anything to hide”.
Or worse, “They already know everything about me, so why bother?”. One of my relatives says this. Kill me now.
